news:4f2aac37$0$78808$742e...@news.sonic.net...
> On 2/1/2012 4:58 PM, Paul Miner wrote:
> > On Wed, 1 Feb 2012 17:41:27 -0600, "mikeyhsd" <mike...@hotmail.com> wrote:
> >
> >> looking at the attachment it did indeed have an EXE extension.
> >>
> >> case closed.
> >
> > Case opened.
> >
> > Here's the link that started all of this:
> >
> > <http://www.kqed.org/.stream/anon/radio/forum/2012/01/2012-01-27b-forum.mp3>
> >
> > Note that there is an mp3 extension, not an exe extension. The mp3
> > extension indicates a well known audio format, not any kind of
> > executable file. It's completely unknown where you got the idea that
> > there was an exe extension involved.
> >
> > Case closed again.
>
> Thanks, but explaining it to him is apparently hopeless. He wants to
> think that a .mp3 file is a .exe file and the facts have no bearing on
> his beliefs.
>
> What likely happened is that he read somewhere that you should never
> open unknown files because they could be executable files that contain
> viruses, and he extrapolated this advice into the notion that every
> unknown file must be a .exe file regardless of the extension. Now he
> needs to spread this "knowledge" around.

I did not look at the MP3 that is the subject of this thread, so what
follows is just general discussion relevant to this context.

My understanding of how a virus transmission via MP3 file could work is
something like the following:

1) You go to a page with an exploit loaded on the page. Obviously that
assumes you have a particular browser or release of a particular release
that is subject to the exploit. There are known cases of browser exploits
that can execute under Windows with SYSTEM authority even though the user
was browsing from a non privileged account. Microsoft tries to repair
those exploits when found, but these are complex pieces of software, and the
bad guys keep finding loopholes.

Also, let's not forget that MANY MANY users who run Windows XP do so in an
Administrator security context, making life that much easier for an exploit.
I once read a "security" article in a major publication in which the
author - a known "security" expert - said that he had to run Windows XP as
Administrator because it was too difficult to use any other way. Right.

2) You innocently download what you believe to be a data file, in this case
an MP3. But such MP3 would actually be a DLL or EXE for a full TROJAN.
When you go to play the MP3 it would complain of an unknown format.

3) The exploit then manages to invoke a system EXE through the exploit
interface that loads the MP3 as data and then executes it as a DLL or EXE.

A lot of things have to be simultaneously true for this exploit to work, but
in general it could be done.

There isn't enough information in mikey's posts to understand what he found
that leads him to conclude the MP3 contains malware or executable code.

> In this case, a .mp3 file from one of the largest radio stations in the
> country was obviously safe.

I would never assume that a data file from a radio station was checked for
viruses.

--
W
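
As an added illustration, not part of the original post: whether a file named .mp3 is really a DLL or EXE, the case discussed above, can be settled by reading its leading bytes instead of trusting the extension. The function names and the sample bytes below are constructed for this example.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag that marks a DLL

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    # PE image: 'MZ' DOS header; the dword at 0x3C (e_lfanew) points to 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] == b"PE\0\0" and len(data) >= pe + 24:
            # Characteristics is the last 2 bytes of the 20-byte COFF header.
            flags = struct.unpack_from("<H", data, pe + 22)[0]
            return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"
    # MP3: an ID3v2 tag, or an MPEG audio frame header (11-bit sync, Layer III).
    if data[:3] == b"ID3":
        return "mp3"
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        version, layer = (data[1] >> 3) & 3, (data[1] >> 1) & 3
        if version != 1 and layer == 1:  # version 01 is reserved; layer 01 is Layer III
            return "mp3"
    return "unknown"

def check(name: str, data: bytes):
    """Return (detected kind, True if a .mp3 name does not hold MP3 data)."""
    kind = sniff(data)
    return kind, name.lower().endswith(".mp3") and kind != "mp3"

def make_pe(characteristics: int) -> bytes:
    """Constructed sample: the smallest header run that sniff() treats as PE."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    samples = {  # constructed inputs, not real downloads
        "audio.mp3": b"\xff\xfb\x90\x00" + bytes(32),
        "tagged.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
        "disguised.mp3": make_pe(IMAGE_FILE_DLL),
    }
    for name, blob in samples.items():
        print(name, check(name, blob))
```

A mismatch only shows that the name misdescribes the content; it says nothing about whether a genuine MP3 is safe for a given player.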